Creating Roslyn API-based static analyzer for C#

After you read this article, you’ll have the knowledge to create your own static analyzer for C#. With the help of the analyzer, you can find potential errors and vulnerabilities in the source code of your own and other projects. Are you intrigued? Well, let’s get started.

Continue reading

How to choose a static analysis tool

Tools to improve and control code quality can be a keyΒ success factor in a complex software project implementation. Static analyzers belong to such tools. Nowadays, you can find various static analyzers: from free open-source to cross-functional commercial solutions. On the one hand, it’s great – you can choose from many options. On the other hand – you have to perform advanced research to find the right tool for your team.

Continue reading

Technical support: what it’s for and how to avoid burnout?

Not everyone enjoys working in support. Many people who work there experience burnout. So maybe companies shouldn’t have any support at all? How do they benefit from it? Is there a way to prevent burnout while working in support? Let’s try to find the answers.

Continue reading

XSS: attack, defense – and C# programming

XSS – or cross-site scripting – is one of the most common vulnerabilities in web applications. It has been on the OWASP Top 10 list (the list of the most critical security risks to web applications) for a while now. So let’s figure out together how your browser can acquire and execute a script from a third-party website, and what this may lead to (spoiler: your cookies could get stolen, for example). And while we’re at it, we’ll talk about ways you can protect yourself from XSS.

Continue reading

Tutorial: how to port a project from Interop Word API to Open XML SDK

With the .NET5 release further development of some projects was questionable due to the complexity of porting. One can abandon small outdated libraries or find a replacement. But it’s hard to throw away Microsoft.Office.Interop.Word.dll. Microsoft doesn’t plan to add compatibility with .NET Core/5+, so in this article we focus on creating Word files with Open XML SDK.

Continue reading

Using Static Analysis Online [Compiler Explorer]

Do you want to try a static analyzer but you don’t feel like installing it and figuring the things out? That’s OK 😊

This video will tell you how to do it online and most importantly for free. By the way, this website allows you to check if your code compiles πŸ˜‰

Code from video.

Have fun watching this video and coding πŸ™‚

Optimization of .NET applications: a big result of small edits

Today we’re going to discuss how small optimizations in the right places of the application can improve its performance. Imagine: we remove the creation of an extra iterator in one place, get rid of boxing in the other. As a result, we get drastic improvements because of such small edits.

Continue reading

VSCode: how to view reports of static analyzers that support SARIF

People increasingly start optimizing the process of finding code errors using static analyzers. Nowadays, we can choose from a variety of products to view analysis results. This post covers the ways how to view an analyzer report in the most stylish and feature-rich IDE among multifunctional ones – VSCode. The SARIF format and a special plugin for it allow us to perform our task. Keep reading to find out about this. Let’s get going!

Continue reading